| VID |
22150 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Apache web server has a file disclosure vulnerability via an illegal character HTTP request.
This vulnerability exists in the way some HTTP requests are handled by the Apache Server. Any HTTP requests that append some illegal characters such as '<' will cause the server to disclose the contents of certain files to a remote attacker.
* References:
http://online.securityfocus.com/bid/6660
http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2
* Platforms Affected:
Apache before 2.0.44
MS Windows Platforms |
| Recommendation |
Upgrade to version 2.0.44 or later of Apache, available from:
http://httpd.apache.org/download.cgi |
| Related URL |
CVE-2003-0017 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
